ale64bit/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Issues Pull requests Projects Releases Packages Wiki Activity

[#561] acl: Fetch bearer token from original request meta header

Browse source 
Request meta headers are organized in a layers, where
upper layers re-sign down layers. Bearer token should be
a part of original meta header and it can be omitted in
upper layers. Therefore we need to traverse over linked list
of meta header to the original meta header to get bearer token.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
Alex Vanin 2021-05-26 19:49:42 +03:00 committed by Alex Vanin
parent 8448207854
commit d368afffe5
1 changed files with 17 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
pkg/services/object/acl/acl.go
View file

@ -149,7 +149,7 @@ func (b Service) Get(request *object.GetRequest, stream objectSvc.GetObjectStrea
req := metaWithToken{
vheader: request.GetVerificationHeader(),
token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(),
bearer: originalBearerToken(request.GetMetaHeader()),
src: request,
}
@ -197,7 +197,7 @@ func (b Service) Head(
req := metaWithToken{
vheader: request.GetVerificationHeader(),
token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(),
bearer: originalBearerToken(request.GetMetaHeader()),
src: request,
}
@ -236,7 +236,7 @@ func (b Service) Search(request *object.SearchRequest, stream objectSvc.SearchSt
req := metaWithToken{
vheader: request.GetVerificationHeader(),
token: request.GetMetaHeader().GetSessionToken(),
bearer: request.GetMetaHeader().GetBearerToken(),
bearer: originalBearerToken(request.GetMetaHeader()),
src: request,
}
@ -273,7 +273,7 @@ func (b Service) Delete(
req := metaWithToken{
vheader: request.GetVerificationHeader(),
token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(),
bearer: originalBearerToken(request.GetMetaHeader()),
src: request,
}
@ -305,7 +305,7 @@ func (b Service) GetRange(request *object.GetRangeRequest, stream objectSvc.GetO
req := metaWithToken{
vheader: request.GetVerificationHeader(),
token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(),
bearer: originalBearerToken(request.GetMetaHeader()),
src: request,
}
@ -343,7 +343,7 @@ func (b Service) GetRangeHash(
req := metaWithToken{
vheader: request.GetVerificationHeader(),
token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(),
bearer: originalBearerToken(request.GetMetaHeader()),
src: request,
}
@ -387,7 +387,7 @@ func (p putStreamBasicChecker) Send(request *object.PutRequest) error {
req := metaWithToken{
vheader: request.GetVerificationHeader(),
token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(),
bearer: originalBearerToken(request.GetMetaHeader()),
src: request,
}
@ -771,3 +771,13 @@ func isOwnerFromKey(id *owner.ID, key *ecdsa.PublicKey) bool {
// binary comparison is better but MarshalBinary is more expensive
return bytes.Equal(id.ToV2().GetValue(), wallet.Bytes())
}
// originalBearerToken goes down to original request meta header and fetches
// bearer token from there.
func originalBearerToken(header *session.RequestMetaHeader) *bearer.BearerToken {
for header.GetOrigin() != nil {
header = header.GetOrigin()
}
return header.GetBearerToken()
}